skip to primary navigationskip to content
 

Configuring IIS to use SSL

You can configure IIS to use SSL relatively easily. The main consideration is the type of certificate to use.

Certificate Type

There are two choices, self certificate or a certificate from a recognised certificate authority. You should always use a certificate authority for production systems, especially systems which will be accessed by people outside of your department/college or outside the cam domain.

Certificate Authority

You should in most cases use a certificate from a trusted authority.  UIS makes certificates available for the University from third parties, the source of these certificates does change over time but they are always from a reliable certificate authority.

Full information on this can be found at http://www.cam.ac.uk/cs/tlscerts/.

 

Self Certificate

Windows server comes with a certificate authority server which you can use to self certificate. This is useful for testing purposes or if you want an internal certificate only.

Generating a Self Certificate

To generate a self certificate and install a certificate of any type see the IIS Certificates page

Configuring IIS to use SSL

Once you have a valid certificate installed in IIS you need to enable SSL on your website.

  • Open the properties for the website, subfolder or virtual directory you want to secure with SSL.
  • Select the Directory Security tab.
  • In the Secure Communications section click Edit.
  • Put a tick in the box for "Require secure channel (SSL)".
  • Click OK, then Apply then OK.
  • Close IIS Manager.

ReStart IIS

In order for the changes to take place immediately you need to restart IIS or the server as a whole. Otherwise the changes will not take place for at least 10 minutes. To restart IIS on its own, open a command-line prompt on the server and enter:

  • iisreset /NOFORCE

This will restart IIS and complete the installation of the intermediate certificate.